Sergey Chubarov
Security Expert
Paço de Arcos, Portugal
Sergey Chubarov is a Security and Cloud Expert and Instructor with 15+ years' experience with Microsoft technologies.
His day-to-day job is to help companies securely embrace cloud technologies.
He has certifications and recognitions such as Microsoft MVP: Security, OSCP, OSEP, eCPPT, eCPTX, Microsoft Certified Trainer, MCT Regional Lead, EC Council CEH, CPENT, LPT, CCSE, CEI, CREST CPSA, CRT and more.
Frequent speaker at local and international conferences like Global Azure, DEF CON, Black Hat Europe, Wild West Hackin' Fest, Security BSides, Workplace Ninja, Midwest Management Summit, Hack in the Box, Hack in Paris, etc.
Prefers live demos and cyberattack simulations.
Topics
Mastering SOC with Microsoft Sentinel: Advanced Security Operations & Defensive Analysis
This session builds a solid foundation in security operations and defensive analysis, teaching you to detect, analyze, and respond to cyber threats.
Session contains:
- Attacker Methodology: Lockheed-Martin Cyber Kill-Chain and MITRE ATT&CK Framework.
- SIEM and ELK Stack: Sentinel and ELK Stack concepts.
- Windows Endpoint Security: Collect Windows processes, services, registry and PowerShell.
- Linux Endpoint Security: Linux daemons, Syslog Framework, and web logging.
- IDPS: Integrate IDPS with Microsoft Sentinel.
- Active Directory Security: detecting Active Directory enumeration.
The Dark Side of AI: Malicious Actors and Their Tools
This session covers how malicious actors use AI to conduct sophisticated attacks, from creating phishing messages to using AI-automated hacking tools that find weaknesses.
The session contains:
- AI-Driven Penetration Testing: Pentesters can use AI to automate penetration testing. However, bad actors also use these tools.
- AI-Generated Phishing Campaigns: How AI can create personalized messages.
- AI-Created Malware: AI can be used to design malware that evades detection.
- AI-Hacked Passwords: AI can crack passwords by analyzing patterns to predict likely password combinations.
AMSI & CLM: acronyms that stop PowerShell attacks
PowerShell is a de facto scripting standard for administrative tasks on Windows. It's POWERful and already built in. This also makes it popular among attackers. To limit "unauthorized administration", Microsoft introduced a number of security features like Antimalware Scan Interface (AMSI) and Constrained Language Mode (CLM).
The session will lift the veil on those technologies, as well as demonstrate methods that can be used to bypass protection. The session contains:
- Understanding AMSI
- Reverse engineering AMSI
- AMSI bypass methods
- Understanding CLM
- Dive into PowerShell runspaces
- CLM bypass methods
Behind the curtain of PowerShell cmdlets
PowerShell is widely used, but few think about how cmdlets work behind the scenes.
This knowledge allows IT administrators to find hidden capabilities even in built-in cmdlets, developers to create their own, and security engineers to better understand PowerShell-based attacks.
The session sheds light on well-known cmdlets and how to overcome some built-in limitations.
Demo-based session contains:
- Win32 API intro
- Monitoring Built-in Cmdlets API Calls
- Analyzing API Calls in source code
- Abstract Win32 API functions with PSReflect
- Customize Built-in Cmdlets
Managed Identity for Hackers and Developers
There are so many managed cloud services today, it can be hard to follow what each is used for. This makes access management a critical area on which cloud security professionals should focus.
Managed identities provide an identity for applications to use when connecting to resources that support Microsoft Entra ID authentication.
As with any identity, this must be configured correctly, otherwise the identity may be compromised and the malicious actor can gain privileged access.
Session contains:
- Dive into Managed Identity and JWT tokens
- Azure resources enumeration
- Getting access to blob storage using compromised identity
- Retrieving Azure Key Vault secrets
- Extract data from SQL Database
Microsoft Defender for Office 365 evasion. The story of confirmed vulnerability
Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.
Safe Attachments routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent.
Safe Links provides time-of-click verification of URLs.
It sounds cool and, in fact, is a black box that we should completely trust.
The session opens this black box, based on original research and discovered vulnerabilities.
The vulnerability was reported and confirmed by Microsoft Security Research.
Live demos only.
Session contains:
- Testing malicious attachments. An example of attachments that are detected.
- Inside the sandbox. What is Safe Attachments from the inside and how does it work.
- Safe Attachments bypass. How the vulnerability was discovered.
- The fix. What did Microsoft do to fix the vulnerability.
- Testing malicious links. An example of links that are blocked.
- Safe Links bypass. How attackers can bypass the link protection.
The session will be of interest to everyone who is interested in cloud protection and uses the Microsoft 365 cloud.
Pentesting Azure Container Services
Containers play their role in digital transformation by enabling fast deployment of cloud-native applications. Containers are also often viewed as secure, which is true. But how well are they really configured?
A demo-based session.
The session includes:
- Containers 101
- Backdooring Docker container images
- Poisoning images on Azure Container Registry
- Compromise containers on Azure Container Instances
- Compromise containers on Azure Kubernetes Service
- Vulnerability Assessment
Sneaky Defense Evasion. Windows 11 security bypassed
Today's cybercriminals have a hard time: antiviruses, whitelisting, intrusion detection systems, etc. are used by many companies around the world. However, the number of security incidents is on the rise. While defenders implement security features, attackers learn to bypass them. Defenders should also learn evasion techniques to keep up with attackers.
Get insights on Windows 11 security bypass in this advanced scenario-based session.
Live demos only.
The session contains:
- Preparing the payload. Microsoft Defender AV Evasion
- Downloading the payload. Attack Surface Reduction bypass
- Executing the payload. Abusing AppLocker configurations
- Covering the tracks. Ransomware vs Controlled Folder Access
AI for Next-Gen Security: OpenAI and Copilot for Security Synergy
This demo-based session explores the potent collaboration between OpenAI and Copilot for Security.
Discover how the fusion of artificial intelligence is revolutionizing threat detection, response strategies, and proactive risk mitigation.
The session contains the following topics:
- How AI is used by attackers
- How Copilot for Security works
- Setting up security with AI
- Detect threats with the AI-assistant
- Give a quick and informative AI-driven response
- A few words about licensing
Navigating the Battlefield: Leveraging MITRE ATT&CK Tactics
The current threat landscape requires organizations to proactively detect and remediate vulnerabilities before attackers discover and exploit them. The MITRE ATT&CK framework acts as a repository of tactics, techniques, and procedures (TTPs) that security professionals use to understand the behavior of attackers. Using the MITRE ATT&CK knowledge base that maps external and internal TTPs, red teams can develop threat models and methodologies for more effective attacks. Researching the TTPs through MITRE ATT&CK will enable analysts and defenders to better understand threats against their organizations or enterprises.
The session aims to better understand the importance of MITRE ATT&CK tactics in a live demo. The session will also demonstrate how Microsoft products use MITRE ATT&CK for SOC operations.
In the session:
- An introduction to MITRE ATT&CK tactics and techniques
- Designing a breach and attack simulation process with the help of MITRE ATT&CK
- How Microsoft 365 Defender and Microsoft Sentinel use MITRE ATT&CK
EC-Council Cyber Talks December 24 Upcoming
EC-Council Cyber Talks November 24 Upcoming
MMS 2024 Flamingo Edition Sessionize Event
Manchester365 Microsoft Cloud Engineering Summit Sessionize Event
Workplace Ninja Summit 2024 Sessionize Event
psconf.eu 2024 Sessionize Event
Experts Live Netherlands 2024 Sessionize Event
EC-Council Cyber Talks May 24
DevSum 2024 Sessionize Event
MODERN ENDPOINT MANAGEMENT EMEA SUMMIT 2024 Sessionize Event
EC-Council Cyber Talks Mar 24
EC-Council Cyber Talks Jan 24
European MCT Summit 2024 Sessionize Event
NDC Security 2024 Sessionize Event
ESPC23 - European SharePoint, Office 365 & Azure Conference Sessionize Event
Techorama Netherlands 2023 Sessionize Event
Workplace Ninja Summit 2023 Sessionize Event
MODERN ENDPOINT MANAGEMENT EMEA SUMMIT 2023 Sessionize Event
Experts Live Netherlands 2023 Sessionize Event
Techorama 2023 Belgium Sessionize Event
.NET Conference Armenia
CloudBrew 2022 - A two-day Microsoft Azure event Sessionize Event
Experts Live Netherlands 2022 Sessionize Event
Cloud Identity Summit '22 Sessionize Event
WorkPlace Ninja Summit 2022 Sessionize Event
European MCT Summit 2022 Sessionize Event
psconf.eu 2022 Sessionize Event
Techorama 2022 BE Sessionize Event
Microsoft 365 Virtual Marathon 2022 Sessionize Event
Teams Nation 2022 Sessionize Event
Canadian Cloud Summit 2022 Sessionize Event
MCT West Africa Cloud Bootcamp 2021 Sessionize Event
Azure Community Bootcamp Sessionize Event
CollabDays New England - Microsoft 365 2021 Sessionize Event
Virtual Azure Community Day #4 Sessionize Event
Cloud Identity Summit '21 Sessionize Event
BSides København 2021 Sessionize Event
PowerShell, DevOps and Cloud Conference Sessionize Event
Azure Summit Sessionize Event
WorkPlace Ninja Virtual Edition 2021 Sessionize Event
India Cloud Security Summit, 2021 Sessionize Event
Cloud Native Days with Kubernetes Sessionize Event
Azure Day Rome 2021 Sessionize Event
BSides Athens 2021
Offensive Azure Security
Wild West Hackin' Fest
Offensive Azure Security
BSides Budapest 2021
Offensive Azure Security
Techorama 2021 Spring Edition Sessionize Event
M365 Philly Virtual 2021 Sessionize Event
Cloud Lunch and Learn Marathon 2021 Sessionize Event
Microsoft 365 Virtual Marathon Sessionize Event
Global Azure Virtual 2021, Greece Sessionize Event
Global Azure Austria 2021 Sessionize Event
Global Azure 2021-India Sessionize Event
Global Azure Virtual 2021 Sessionize Event
Global Azure 2021 - Spain Sessionize Event
MVPDays LIVE "Endpoint" Day Online 2021 Sessionize Event
Security BSides Dublin 2021 Sessionize Event
MCT Summit 2021 Sessionize Event
Virtual Scottish Summit 2021 Sessionize Event
Azure Saturday - Belgrade 2021 Sessionize Event
Global Security and Compliance Community Conference Sessionize Event
Microsoft 365 Friday California 2021 Sessionize Event
Modern Workplace Conference Paris 2021 Sessionize Event